I liked this article because it described how Google's 2-step authentication works. I've always assumed that the verification involved a text message that you'd reply to. I don't have a smart phone (or any cell phone), so I assumed I couldn't take advantage of it. But I do have a tablet and could run the random password generator app.

They give you both options - they can send you a text message or you can use the authenticator app. I use the app since it's a little faster than getting a txt message.

They also have an option of getting a USB security key. You would need to plug in that USB key any time you login from a strange computer, or once every 30 days on your main pc. That option is even more secure than the app, but I'd be too worried about losing the USB key or forgetting to take it with me if i go on vacation or something.